Security

Splunk Admin Password

hsharry
New Member

I have renamed passwd.bkg to passwd and restart splunk but still not able to reset my password using admin and changeme

Tags (1)
0 Karma

syap
Splunk Employee
Splunk Employee

Hi, I do not have programming knowledge.
And now I forgot my Splunk Enterprise password.
Can someone help to guide me through how to reset the password?
What exactly I need to do and the path I needed to input?
Thank you and really appreciate your help.
Splunk pw.PNG

0 Karma

furrowaw
Engager

If you have local access to the server, you can do this from commandline. Password must be at least 8 characters.

splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=YourPasswordHere"

wrangler2x
Motivator

If you are on Splunk 7.1 then the method of recovering from an "I forgot the password for admin" situation is different. Prior to 7.1 just the absence of $SPLUNK_HOME/etc/passwd caused Splunk to reset the password to changeme. But on 7.1 there is an additional step.

  1. You need to save the $SPLUNK_HOME/etc/passwd file, removing the original.
  2. You need to edit a file called $SPLUNK_HOME/etc/system/local/user-seed.conf (this will probably be a new file).
  3. You need to add a stanza called [user_info] and specify the admin user and what password you wish to use.
  4. Then restart Splunk. This will generate a new $SPLUNK_HOME/etc/passwd file.
  5. If you had something other than vanilla in the passwd file (other lines, other admin users) you need to put them back into the new passwd file and restart Splunk again.

Sample $SPLUNK_HOME//etc/system/local/user-seed.conf file [user_info] stanza

[user_info]
USERNAME = admin
PASSWORD = password

      * Password must meet complexity requirements. [See the docs][1].

anwarmian
Communicator

This method works in 7.1+.  It worked for me.

0 Karma

altink
Builder

Hi

I have a Splunk 7.1, on which I am performing the steps as described, but I still cannot logon.

regards

Altin

sampathsilva
Engager

My situation was bit different. I was not able to login after installing version 7.1 lab. The steps here did work. Thanks.

0 Karma

nk-1
Path Finder

I copied my Development Spunk v6.x passwd file to Splunk v7.1, and I managed to use the v6.x admin password to get back in to Splunk v7.
Is there any way to stop Splunk v7 from insisting on using the new password naming rules?

0 Karma

horsefez
SplunkTrust
SplunkTrust

this procedure is retarded...
thanks for clarifying it tho!

p_gurav
Champion

To reset the admin password:

  • Stop splunk service
  • Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak
  • Start Splunk. After the restart you should be able to login using the default login (admin/changeme).
0 Karma

rashi83
Path Finder

Hi,

How can I rename the admin account name for Splunk dev license. As it's dev license it allows single user to be created and now I want to change the name of this id.

Is there any way?

0 Karma

493669
Super Champion

Just rename passwd file with a .bak extension and restart

0 Karma

emotz
Splunk Employee
Splunk Employee

This no longer is sufficient in Splunk 7.1 and forward. You get no users exist message when you try to login again. See additional posts for this to create user-seed.conf which is case sensitive

0 Karma

hsharry
New Member

Have tried it and does not work

0 Karma

gjanders
SplunkTrust
SplunkTrust

Have you restarted the Splunk service since making this change?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...